-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-ff94ccbdec 2020-05-29 00:56:48.645269 --------------------------------------------------------------------------------
Name : openssl11 Product : Fedora EPEL 7 Version : 1.1.1c Release : 2.el7 URL : http://www.openssl.org/ Summary : Utilities from the general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
-------------------------------------------------------------------------------- Update Information:
- backport from 1.1.1c-15: add selftest of the RAND_DRBG implementation - backport from 1.1.1c-14: fix incorrect error return value from FIPS_selftest_dsa - backport from 1.1.1c-14: S390x: properly restore SIGILL signal handler - backport from 1.1.1c-12: additional fix for the edk2 build - backport from 1.1.1c-9: disallow use of SHA-1 signatures in TLS in FIPS mode - backport from 1.1.1c-8: fix CVE-2019-1547 - side-channel weak encryption vulnerability - backport from 1.1.1c-8: fix CVE-2019-1563 - padding oracle in CMS API - backport from 1.1.1c-8: fix CVE-2019-1549 - ensure fork safety of the DRBG - backport from 1.1.1c-8: fix handling of non-FIPS allowed EC curves in FIPS mode - backport from 1.1.1c-8: fix TLS compliance issues - backport from 1.1.1c-7: backported ARM performance fixes from master - backport from 1.1.1c-6: backport of S390x ECC CPACF enhancements from master - backport from 1.1.1c-6: FIPS mode: properly disable 1024 bit DSA key generation - backport from 1.1.1c-6: FIPS mode: skip ED25519 and ED448 algorithms in openssl speed - backport from 1.1.1c-6: FIPS mode: allow AES-CCM ciphersuites - backport from 1.1.1c-5: make the code suitable for edk2 build - backport from 1.1.1c-4: backport of SSKDF from master - backport from 1.1.1c-3: backport of KBKDF and KRB5KDF from master -------------------------------------------------------------------------------- ChangeLog:
* Wed May 13 2020 Robert Scheck robert@fedoraproject.org 1.1.1c-2 - backport from 1.1.1c-15: add selftest of the RAND_DRBG implementation - backport from 1.1.1c-14: fix incorrect error return value from FIPS_selftest_dsa - backport from 1.1.1c-14: S390x: properly restore SIGILL signal handler - backport from 1.1.1c-12: additional fix for the edk2 build - backport from 1.1.1c-9: disallow use of SHA-1 signatures in TLS in FIPS mode - backport from 1.1.1c-8: fix CVE-2019-1547 - side-channel weak encryption vulnerability - backport from 1.1.1c-8: fix CVE-2019-1563 - padding oracle in CMS API - backport from 1.1.1c-8: fix CVE-2019-1549 - ensure fork safety of the DRBG - backport from 1.1.1c-8: fix handling of non-FIPS allowed EC curves in FIPS mode - backport from 1.1.1c-8: fix TLS compliance issues - backport from 1.1.1c-7: backported ARM performance fixes from master - backport from 1.1.1c-6: backport of S390x ECC CPACF enhancements from master - backport from 1.1.1c-6: FIPS mode: properly disable 1024 bit DSA key generation - backport from 1.1.1c-6: FIPS mode: skip ED25519 and ED448 algorithms in openssl speed - backport from 1.1.1c-6: FIPS mode: allow AES-CCM ciphersuites - backport from 1.1.1c-5: make the code suitable for edk2 build - backport from 1.1.1c-4: backport of SSKDF from master - backport from 1.1.1c-3: backport of KBKDF and KRB5KDF from master -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1752090 - CVE-2019-1547 openssl: side-channel weak encryption vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1752090 [ 2 ] Bug #1752095 - CVE-2019-1549 openssl: information disclosure in fork() https://bugzilla.redhat.com/show_bug.cgi?id=1752095 [ 3 ] Bug #1752100 - CVE-2019-1563 openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey https://bugzilla.redhat.com/show_bug.cgi?id=1752100 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update openssl11' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org